CODEWITHSUNDEEP
c#jqueryasp.netsecurity
Micah Armantrout
Micah Armantrout

Reputation: 6971

Page Methods and Security

Recently I learned that you can take a script manager and set the EnablePageMethods="true" this is something I would like to do but is there any security implications ?

Also, Is there a newer better way to this ?

Upvotes: 2

Views: 852

Answers (2)

McGarnagle
McGarnagle

Reputation: 102763

It does not have any more security implications than would adding any ordinary web page or service to a website. The needed precautions are the same -- don't use any inputs without validating them first, don't inadvertently return sensitive information in error messages, etc.

There is a newer way, and arguably better, if you don't mind switching to a new platform: ASP.Net MVC, and the related "Web API". (You can use Web API with Webforms also, thanks to Karl Anderson for noting in the comments.)

Upvotes: 3

Karl Anderson
Karl Anderson

Reputation: 34846

All that EnablePageMethods="true" really does is generate an inline JavaScript proxy that allows for calling back to ASP.NET AJAX Page Methods via the PageMethods syntax.

I prefer using jQuery via its .ajax() method to call ASP.NET AJAX Page Methods, like this:

Code-behind

[WebMethod]
public static string GetDate()
{
    return DateTime.Now.ToString();
}

JavaScript:

$.ajax({
    type: "POST",
    url: "PageName.aspx/GetDate",
    data: "{}",
    contentType: "application/json; charset=utf-8",
    dataType: "json",
    success: function(msg) {
        // Do something interesting here.
    }
});

Note: Since ASP.NET AJAX Page Methods automatically serialize their response to JSON, then "json" is the return dataType of the AJAX call. contentType describes what you are sending to the server.

Upvotes: 4

Related Questions